Cyber Security Today: A super security problem, not-so-smart products

Tutoring site has a super security problem, companies install not-so smart products and update your browsers

Welcome to Cyber Security Today. It’s Monday August 20th. To hear the podcast, click on the arrow below:

Cyber Security Today on Amazon Alexa Subscribe to Cyber Security Today on Google Play Subscribe to Cyber Security Today on Apple Podcasts

The business world is a tough place to be in. Sometimes competition is cut-throat. But that doesn’t mean security provisions have to be cut-rate. That’s what appears to have happened in Britain after a web service called SuperProf, where people can list tutoring services they offer, took over a local competitor called The Tutor Page. As security writer Graham Cluley reports, Superprof then changed the passwords of Tutor Page teachers, letting them know in an email. But instead of spending money to make sure the new passwords were scrambled, the company merely added the word “super” to their first names. Like “superhoward.” True, the new password can be changed, but for a short time people were at risk with easily guessable passwords. The username is their email address. Angry subscribers are venting their rage on the Internet, which gives the company a black eye. That’s something SuperProf needs to be tutored about.

Making everything connected to the Internet is apparently the future of the world. However, it can be a dangerous world if devices aren’t secure. Here are two examples: An amusement park with Internet-connected lockers for the public to store items in nearly got stung by a cyber attack. The connection allowed management to know which lockers were being used or the locks were damaged. But according to a recent report from security vendor Darktrace, someone hijacked the link and could have used it to access to the corporate network. Similarly, a parking lot’s Internet-connected payment kiosk was found to be connecting to suspicious web sites. It could have been used to get into the company’s network. There was no security on that kiosk device at all, said Darktrace’s David Masson in an interview. Obviously companies are still not examining all the risks of Internet-connected devices. One solution, Masson said, is for technology buyers to refuse to purchase devices that can’t be made secure and can’t be patched. Another is for IT departments to have better visibility into what’s going on on their networks. And a third is to improve the training of IT staff.

In June I reminded listeners that the popular mobile video game Fortnite for Apple devices hadn’t yet been released for Android, so they shouldn’t download pretenders. Well, earlier this month creator Epic Games released its Android version, but it’s available only from the Epic Games site and not Google Play. However, criminals are pushing Web sites that claim to have the game. In fact what you get is something loaded with malware. It’s a reminder to be careful of where you download anything from the Internet.

Finally, there’s another reason to make sure you’re running the latest version of your browser. A security researcher at Imperva has discovered a vulnerability that could allow an attacker to find out personal information on you from web sites like Facebook. On some sites users can set preferences, such as their age, location or interest, and use that as a filter to restrict receiving messages. People making posts can target their messages to those who are in a group. However, for complex reasons this data can be accessed and possibly identify people. Browsers like Chrome have plugged this hole. So make sure your browser is up to date.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now